The existence of so many databases that represent invasions of privacy is concerning in itself. This concern is compounded by the lack of respect for data security. A large number of data security breaches have resulted from an institutionally lax approach to the citizen’s data. The filing system at the Borders and Immigration Agency, the desk files in the Home Office, the theft of laptops at MoD, the loss of computer discs and the loss of 25 million records of the Child Benefit Database all show this.
This culture extends even into the design and implementation of the IT systems themselves: the Hannigan report into data losses identified 2,300 systems that are not security accredited, yet there was no requirement that any of these legacy systems be made secure. (Report from Centre for Policy Studies, November 2009).
It is now clear that there is no systematic and rigorous approach to data assurance. There are no common standards. Responsibility for security policy sits in many different parts of government, with little evidence that security even today reaches the standards the public is entitled to expect.
If you don’t collect it, you don’t have a data assurance problem. A more evidence based approach to the need for the data in the first place would solve this problem.